[Cryptography] quantum computers & crypto

Christian Huitema huitema at huitema.net
Sun Nov 7 11:00:06 EST 2021

On 11/7/2021 4:18 AM, Jerry Leichter wrote:

> The fix for this is of course well known:  Padding.  If you know the entropy of the information carried by the message lengths, you could even compute the minimum amount of equivocation the padding has to introduce to deny an attacker any advantage.

It depends what your goal is. If the goal is to defeat traffic analysis, 
padding might help -- with caveats stated previously. If the goal is to 
make life harder for a potential crypto attacker trying to quickly check 
whether a particular decryption attempt revealed some unknown plain 
text, then padding does not help. The attacker will use the presence of 
padding as a queue that, yes, it worked. That's very easy to check if he 
application used the most popular form of padding, a tail of zeroes.

-- Christian Huitema

More information about the cryptography mailing list